Statement to be submitted by the Electronic Frontier Foundation, accredited under operative paragraph No. 9 of UN General Assembly Resolution 75/282, on behalf of 124 signatories. We, the undersigned, representing a broad spectrum of the global security research community, write to express our serious concerns about the UN Cybercrime Treaty drafts released during the sixth session and the most recent…
Category: Legislation
IT suppliers hacked off with Uncle Sam’s demands in aftermath of cyberattacks
Brandon Vigliarolo reports: Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident. The rules were unveiled in a draft update to the Federal Acquisition Regulation (FAR) that refreshes security…
Proposed contractor cyber reporting rule sets a ‘significantly problematic’ bar, industry groups say
David DiMolfetta reports: Cybersecurity and technology trade groups are urging agencies to rethink a proposed measure that would intensify requirements for federal contractors when they report cybersecurity incidents, arguing they are inconsistent with other cyber regulations and demand too much from contracted firms targeted in cyberattacks. The proposed rule from the Pentagon, GSA and NASA — the…
Biden Will Veto Efforts to Spike SEC Breach Disclosure Rule
Jeffrey Burt reports: President Biden is warning Congressional Republicans that he will veto any attempts to overturn the Securities and Exchange Commission’s (SEC) new requirement for public companies disclosing cybersecurity incidents. In a brief policy statement this week, the White House said public companies not reporting cyberattacks that disrupt their operations not only harms investors who should…
Italy government proposes tougher jail terms for cybercriminals
Reuters reports: Italy’s government is set to propose tougher jail terms for cybercrime and stricter disclosure rules for public bodies that come under attack from hackers, according to a draft law seen by Reuters on Wednesday. The bill, set for discussion at a cabinet meeting on Thursday, comes after repeated instances of ransomware and other…
SolarWinds Seeks Dismissal of ‘Unfounded’ SEC Cybersecurity Suit
Skye Witley reports: SolarWinds Corp. issued a full-throated denial of wrongdoing in how it handled one of the worst cyberattacks in history in a Friday court filing seeking the dismissal of US Securities and Exchange Commission allegations that its software security representations defrauded investors and violated rules on controls. SolarWinds argued that it disclosed risks…